CVE-2025-4519 IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonatedonorpassword function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level...

EUVD-2021-20826

Malware in sbrugna...

EUVD-2017-8202

Malware in sbrugna...

EUVD-2019-13213

Malware in sbrugna...

EUVD-2023-28664

Malicious code in bioql PyPI...

EUVD-2025-4512

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVE-2025-9250

CVE-2025-9250 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices (versions 1.0.013.001 through 1.0.04.002 and 1.1.05.003 through 1.2.07.001). The vulnerability is in the setPWDbyBBS function in /goform/setPWDbyBBS, where manipulation of the argument hint leads to a stack-based buff...

CVE-2024-48827

An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function...

CVE-2024-24720

An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system...

CVE-2024-31759

An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function...

CVE-2024-40490

An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function...

CVE-2023-24653

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function...

CVE-2021-37517

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service...

CVE-2025-4914 PHPGurukul Auto Taxi Stand Management System forgot-password.php sql injection

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. Th...

CVE-2023-34732

An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords...

CVE-2025-29390

jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the setpassword function in application/controllers/home.php...

jerryhanjj ERP 安全漏洞

jerryhanjj ERP is an ERP import, export, storage and marketing system developed by Jerry's personal developer. A security vulnerability exists in jerryhanjj ERP version 1.0, which is caused by a SQL injection in the setpassword function of home.php...

CVE-2024-57401

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...

CVE-2024-57401

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function...